Data networks allow for the exchange of data between multiple computing devices. Data exchanged over networks often contain sensitive material which needs to be protected using various forms of network security. For example, data centers, cloud providers, and Infrastructure as a Service (IaaS) providers have the challenge of managing data traffic and keeping client data secure within their infrastructure. Network security typically includes provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. The management of these provisions and policies, and the challenges that management presents, differ from one situation to another.
Data centers typically include routing and other intermediary components to manage network traffic between systems, including routing, load balancing, and so forth. Enterprise Service Bus (ESB) and service oriented architecture (SOA) frameworks often have similar management structures, at a higher level of abstraction, to manage invocations across the network from an application program interface (API) consumer to an API provider. These frameworks typically use proxies and other centralized components to route and manage traffic, often with storage components and a management console user interface (UI). These frameworks often operate within a company's firewall, and rely on firewalls and network isolation to provide security for unencrypted network traffic.
Such network technology infrastructures suffer from a variety of related issues surrounding web services and the sensitive data that travels between systems on a network. Currently there are unacceptable risks related to the exchange of data over networks, because malware known to exist within firewalled networks has visibility into the paths that sensitive data transits between components within a network.
Current solutions for network security are expensive and time consuming to implement, and they limit flexibility. For example, web service calls are expensive compared to in-process or cross-thread calls due to network latencies and process synchronizations. Adding a proxy in the middle of a network, for instance, more than doubles the cost of the web service calls. A shared proxy is also a performance bottleneck when multiple calls are routed through it, and creates another source of failure, affecting robustness of the network. Additionally, proxies, routers, load balancers, and other intermediaries require many processes, running on virtual machines and on specialized hardware, many with their own data storage components. The costs, limitations, and management of all of this are significant, and the auditing and controls enforcement across such a network technology infrastructure is difficult.